From 24bfa52e934250ea00e1f7cfc3a0c483786db308 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Wed, 9 Mar 2011 14:15:48 +0100
Subject: [PATCH] Make sure the rundir is accessible by the user

otherwise the user might not have enough permissions to access the
socket if root's umask is 077.

http://bugs.debian.org/614210
---
 daemon/libvirtd.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 452566cc3f..9a5a53e3e3 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -3277,16 +3277,20 @@ int main(int argc, char **argv) {
     /* Ensure the rundir exists (on tmpfs on some systems) */
     if (geteuid() == 0) {
         const char *rundir = LOCALSTATEDIR "/run/libvirt";
+        mode_t old_umask;
 
+        old_umask = umask(022);
         if (mkdir (rundir, 0755)) {
             if (errno != EEXIST) {
                 char ebuf[1024];
                 VIR_ERROR(_("unable to create rundir %s: %s"), rundir,
                           virStrerror(errno, ebuf, sizeof(ebuf)));
                 ret = VIR_DAEMON_ERR_RUNDIR;
+                umask(old_umask);
                 goto error;
             }
         }
+        umask(old_umask);
     }
 
     /* Beyond this point, nothing should rely on using